No IPv6 on VLAN

Hello,

I can’t get ipv6 to work on my vlans, keep getting this error:

daemon.warn dnsmasq-dhcp[30426]: no address range available for DHCPv6 request via br-lan

The ranges look good in dnsmasq.conf:

dhcp-range=set:lan,192.168.1.20,192.168.1.252,255.255.255.0,86400s
dhcp-range=set:lan,::1000,::ffff,constructor:br-lan,slaac,ra-names,86400s
dhcp-range=set:lan_10,192.168.10.20,192.168.10.252,255.255.255.0,86400s
dhcp-range=set:lan_10,::1000,::ffff,constructor:br-lan_10,slaac,ra-names,86400s

My ISP uses PPPoe, got my upstream ipv6 from DHCP with /64 prefix, this is some part of ifconfig:

br-lan    Link encap:Ethernet  HWaddr BE:B9:23:83:37:38
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::bcb9:23ff:fe83:3738/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2024367 errors:0 dropped:28 overruns:0 frame:0
          TX packets:4033210 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:279950902 (266.9 MiB)  TX bytes:4972855230 (4.6 GiB)

br-lan_10 Link encap:Ethernet  HWaddr BC:B9:23:81:37:38
          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::beb9:23ff:fe81:3738/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:221944 errors:0 dropped:0 overruns:0 frame:0
          TX packets:587661 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:43646135 (41.6 MiB)  TX bytes:663301126 (632.5 MiB)

pppoe-wan Link encap:Point-to-Point Protocol
          inet addr:86.xXx.xXx.243  P-t-P:10.0.22.48  Mask:255.255.255.255
          inet6 addr: fe80::bc4b:d651:64eb:dc75/128 Scope:Link
          inet6 addr: 2a02:2f00:xXxX:ffff::xXxX:1ff3/128 Scope:Global
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:4579260 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2217634 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:5597695047 (5.2 GiB)  TX bytes:332722302 (317.3 MiB)

I can also ping -6 from the router:

root@Route10:/etc/config# ping -6 google.com
PING google.com (2a00:1450:400d:807::200e): 56 data bytes
64 bytes from 2a00:1450:400d:807::200e: seq=0 ttl=60 time=18.247 ms
64 bytes from 2a00:1450:400d:807::200e: seq=1 ttl=60 time=18.609 ms
64 bytes from 2a00:1450:400d:807::200e: seq=2 ttl=60 time=18.468 ms

I didn’t make any changes via SSH, I just used it to track logs and settings.
Any help would be appreciated :pray:

Welcome! Looks like you’re getting IA_NA (the WAN address via DHCPv6) but not IA_PD (or if it is present, it’s not being configured). Also looks like you must have IPv6 enabled on the VLANs in question since you have the appropriate DHCPv6 and RA config there.

Could you please invite me to your site so I can take a closer look? chris at alta dot inc

I’m also not getting IPv6 on VLANS but I am on my main VLAN (default 1) and wired LAN. @Alta-cmb

are you using PPPoe ?

No DHCP

I sent you an invite to mine as well.

Please try to wait for staff to ask for an invitation before sending one to anyone’s email address. It’s very likely that an unprompted invitation will get lost because there is no context surrounding it.

Got it

1 Like

I got it working on VLAN1 (default LAN) by removing list ip6class 'wan6' line from the config, but the other VLANs used for wifi are not getting ipv6.
Can someone on staff have a look as Chris has been offline for a few days. No rush but it’s bugging me. :innocent:

Yeah I moved my VLAN network to the main for now something is defiantly buggy with the IPv6 on VLANs.

My default vlan has always worked on IPv6 but any crested vlans don’t.

What PD size are you using under the WAN settings? Is it set to something or blank?

Tried blank and 64

a PD size of 64 is highly unlikely. With a /64 you can only have a single Subnet. Usually you get a /56 or /48.

1 Like

I have this configuration:

ifstatus wan_6

{
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": true,
"uptime": 489356,
"l3_device": "pppoe-wan",
"proto": "dhcpv6",
"device": "pppoe-wan",
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [

],
"ipv6-address": [
        {
                "address": "2a02:xxx:xxx:ffff::bc19:xxxx",
                "mask": 128
        }
],
"ipv6-prefix": [
        {
                "address": "2a02:xxx:xxxx:xxx::",
                "mask": 56,
                "class": "wan_6",
                "assigned": {
                        "lan": {
                                "address": "2a02:xxxx:xxxx:xxxx::",
                                "mask": 64
                        },
                        "lan_10": {
                                "address": "2a02:xxxx:xxxx:xxxx::",
                                "mask": 64
                        }
                }
        }
],
"ipv6-prefix-assignment": [

],
"route": [
        {
                "target": "::",
                "mask": 0,
                "nexthop": "fe80::1",
                "metric": 512,
                "valid": 1689,
                "source": "2a02:xxxx:xxxx:xxxx::/56"
        },
        {
                "target": "::",
                "mask": 0,
                "nexthop": "fe80::1",
                "metric": 512,
                "valid": 1689,
                "source": "2a02:xxxx:xxxx:xxxx::bc19:xxxx/128"
        }
],
"dns-server": [
        "2a02:xxxx:xxxx:3::1",
        "2a02:xxxx:xxxx:8::1"
],
"dns-search": [

],
"neighbors": [

],
"inactive": {
        "ipv4-address": [

        ],
        "ipv6-address": [

        ],
        "route": [

        ],
        "dns-server": [

        ],
        "dns-search": [

        ],
        "neighbors": [

        ]
},
"data": {
        "passthru": "001700202a022f0c8000000300000000000000012a022f0c800000080000000000000001",
        "zone": "wan"
}

}

~ # cat /etc/config/network

config interface ‘loopback’
option device ‘lo’
option proto ‘static’
option ipaddr ‘127.0.0.1’
option netmask ‘255.0.0.0’

config device
option name ‘eth4’
option mtu ‘1500’

config interface ‘wan2’
option ifname ‘eth4’
option metric ‘190’
option dns_metric ‘190’
option proto ‘dhcp’
option norelease ‘1’
option peerdns ‘1’

config device
option type ‘8021q’
option ifname ‘eth2’
option vid ‘10’
option name ‘eth2.10’
option mtu ‘1500’

config device
option type ‘8021q’
option ifname ‘eth1’
option vid ‘10’
option name ‘eth1.10’
option mtu ‘1500’

config device
option type ‘8021q’
option ifname ‘eth0’
option vid ‘10’
option name ‘eth0.10’
option mtu ‘1500’

config device
option type ‘8021q’
option ifname ‘eth5’
option vid ‘10’
option name ‘eth5.10’
option mtu ‘1500’

config device
option name ‘br-lan’
option type ‘bridge’
option mtu ‘1500’
option stp ‘0’
option igmp_snooping ‘0’
option ports ‘eth2 eth1 eth0 eth5’

config interface ‘lan’
option ifname ‘br-lan’
option proto ‘static’
option ipaddr ‘192.168.1.1/24’
option ip6assign ‘64’
option multicast_querier ‘0’
option igmp_snooping ‘0’
option force_link ‘1’
option ip6hint ‘10’

config device
option name ‘br-lan_10’
option type ‘bridge’
option mtu ‘1500’
option stp ‘0’
option igmp_snooping ‘0’
option ports ‘eth2.10 eth1.10 eth0.10 eth5.10’

config interface ‘lan_10’
option ifname ‘br-lan_10’
option proto ‘static’
option ipaddr ‘192.168.10.1/24’
option ip6assign ‘64’
option multicast_querier ‘0’
option igmp_snooping ‘0’
option force_link ‘1’
option ip6hint ‘cd’

config interface ‘wan’
option proto ‘pppoe’
option device ‘eth3’
option username ‘xx’
option password ‘xx’
option peerdns ‘1’
option metric ‘200’
option dns_metric ‘200’

config interface ‘xfrm0’
option proto ‘xfrm’
option mtu ‘1380’
option ifid ‘30’
option tunlink ‘lan’

config route
option target ‘192.168.100.0/24’
option interface ‘xfrm0’
option type ‘unicast’

config interface ‘vpn0’
option ifname ‘ppp0’
option proto ‘none’
option auto ‘1’

config interface ‘vpn1’
option ifname ‘ppp1’
option proto ‘none’
option auto ‘1’

config interface ‘vpn2’
option ifname ‘ppp2’
option proto ‘none’
option auto ‘1’

config interface ‘vpn3’
option ifname ‘ppp3’
option proto ‘none’
option auto ‘1’

config interface ‘vpn4’
option ifname ‘ppp4’
option proto ‘none’
option auto ‘1’

config interface ‘vpn5’
option ifname ‘ppp5’
option proto ‘none’
option auto ‘1’

config interface ‘vpn6’
option ifname ‘ppp6’
option proto ‘none’
option auto ‘1’

config interface ‘vpn7’
option ifname ‘ppp7’
option proto ‘none’
option auto ‘1’

config interface ‘vpn8’
option ifname ‘ppp8’
option proto ‘none’
option auto ‘1’

config interface ‘vpn9’
option ifname ‘ppp9’
option proto ‘none’
option auto ‘1’

config interface ‘vpn10’
option ifname ‘ppp10’
option proto ‘none’
option auto ‘1’

config interface ‘vpn11’
option ifname ‘ppp11’
option proto ‘none’
option auto ‘1’

config interface ‘vpn12’
option ifname ‘ppp12’
option proto ‘none’
option auto ‘1’

config interface ‘vpn13’
option ifname ‘ppp13’
option proto ‘none’
option auto ‘1’

config interface ‘vpn14’
option ifname ‘ppp14’
option proto ‘none’
option auto ‘1’

config interface ‘vpn15’
option ifname ‘ppp15’
option proto ‘none’
option auto ‘1’


~ # cat /etc/config/dhcp

config dnsmasq
list domain ‘localdomain,192.168.1.1/24’
list domain ‘localdomain,192.168.10.1/24’
option domainneeded ‘1’
option boguspriv ‘1’
option filterwin2k ‘0’
option localise_queries ‘1’
option rebind_localhost ‘1’
option expandhosts ‘1’
option nonegcache ‘0’
option authoritative ‘1’
option readethers ‘1’
option resolvfile ‘/tmp/resolv.conf.d/resolv.conf.auto’
option nonwildcard ‘1’
option localservice ‘0’
option ednspacket_max ‘1232’
option rebind_protection ‘0’
option cachesize ‘10000’
option dnsforwardmax ‘1000’
option dhcpleasemax ‘10000’
option allservers ‘1’
option noresolv ‘0’
option logqueries ‘0’
option sequential_ip ‘1’
option interface ’ br-lan br-lan_10’
option leasefile ‘/cfg/dhcp.leases’
option localuse ‘1’
option rebind_domain ‘/https://manage.alta.inc/
list server ‘127.0.0.1#5053’
list server ‘127.0.0.1#5054’
list server ‘127.0.0.1#5055’

config dhcp ‘lan’
option interface ‘lan’
option dhcpv4 ‘server’
option force ‘1’
option dhcpv6 ‘server’
option ra ‘server’
option ra_slaac ‘1’
option start ‘20’
option limit ‘233’
option leasetime ‘86400s’
list dhcp_option ‘15,localdomain’
list dhcp_option ‘option:dns-server,192.168.1.200’

config host
option ip ‘192.168.1.200’
option mac ‘00:e2:69:59:1f:52’
option name ‘MiniSrv’
option dns ‘1’

config host
option ip ‘ignore’
option mac ‘26:d8:96:04:cf:7c’

config host
option ip ‘ignore’
option mac ‘0e:0d:20:15:8f:62’

config host
option ip ‘ignore’
option mac ‘be:b9:23:84:37:38’

config host
option ip ‘ignore’
option mac ‘bc:b9:23:81:37:3a’

config host
option ip ‘ignore’
option mac ‘bc:b9:23:81:37:39’

config host
option ip ‘ignore’
option mac ‘be:b9:23:83:37:38’

config host
option ip ‘ignore’
option mac ‘be:b9:23:82:37:38’

config host
option ip ‘ignore’
option mac ‘bc:b9:23:81:37:38’

config dhcp ‘lan_10’
option interface ‘lan_10’
option dhcpv4 ‘server’
option force ‘1’
option dhcpv6 ‘server’
option ra ‘server’
option ra_slaac ‘1’
option start ‘20’
option limit ‘233’
option leasetime ‘86400s’
list dhcp_option ‘15,localdomain’
list dhcp_option ‘option:dns-server,192.168.1.200’

config host
option ip ‘ignore’
option mac ‘26:d8:96:04:cf:7c’

config host
option ip ‘ignore’
option mac ‘0e:0d:20:15:8f:62’

config host
option ip ‘ignore’
option mac ‘be:b9:23:84:37:38’

config host
option ip ‘ignore’
option mac ‘bc:b9:23:81:37:3a’

config host
option ip ‘ignore’
option mac ‘bc:b9:23:81:37:39’

config host
option ip ‘ignore’
option mac ‘be:b9:23:83:37:38’

config host
option ip ‘ignore’
option mac ‘be:b9:23:82:37:38’

config host
option ip ‘ignore’
option mac ‘bc:b9:23:81:37:38’

First, this is a general comment to agree with this, and is not directed at anyone in particular.

Thanks for pointing this out. This is 100% correct. Most ISPs are handing out larger subnets which are suitable to pass IPv6 to multiple VLANs (e.g. a /56 offers 256 subnets, whereas a /48 is 65K), but I have checked out some of the ISPs mentioned (in various topics, not just this one) and some are only handing out a /64 and expecting it to work across multiple VLANs.

A /64 is intended for a single VLAN and cannot be split across multiple VLANs without breaking essential IPv6 functionalities such as NDP, RAs, and SLAAC. Attempting to split it would necessitate NAT, which undermines the core purpose of IPv6. Here are a few various highlights from RFCs, if anyone wants to take technical dive into that. Please expand the following summary for some highlights (I imagine there are others):

Summary

RFC 4291 - IP Version 6 Addressing Architecture

  • This section specifies that Interface Identifiers are 64 bits long and are designed to operate within the scope of a single Layer 2 link. It states:

    • “For all unicast addresses, except those that start with the binary value 000, Interface IDs are required to be 64 bits long.”
  • This implicitly ties the /64 subnet size to a single link, as splitting a /64 would break this addressing model.

RFC 4861 - Neighbor Discovery for IP version 6 (IPv6)

  • Defines a link as “a single layer 2 domain” and clarifies that Neighbor Discovery operates within a single link.

  • Splitting a /64 across multiple VLANs violates this model, as each VLAN is a separate Layer 2 domain.

RFC 4861 - Neighbor Discovery for IP version 6 (IPv6)

  • Explains how Router Advertisements are scoped to a single link, broadcasting the prefix for that link. If a /64 is split, multiple VLANs would incorrectly receive the same Router Advertisement.

RFC 4862 - IPv6 Stateless Address Autoconfiguration

  • SLAAC requires a /64 prefix because it combines the 64-bit prefix from Router Advertisements with a 64-bit Interface Identifier. Splitting the /64 breaks this process.

RFC 7421 - Analysis of the 64-bit Boundary in IPv6 Addressing

  • This RFC justifies the /64 boundary and details issues that arise when deviating from it, including incompatibility with SLAAC and NDP.

It seems that some users have unrealistic expectations. I would guess a /56 is a bit more common, but I honestly have never looked at data so don’t hold me to that.

1 Like

Hello,

From my previous log:

Does this mean i get a /56 prefix ?
I can confirm that for the same ISP with the same plan my Unifi UDM-SE works as expected. I have this configured with UI:

Sorry, I haven’t gotten to reviewing your details yet. For your immediate question, yes, your WAN is correctly requesting a /56 and also receiving public IPv6 subnets on the VLAN interfaces at least.

I can’t specifically comment on why it was passing other VLANs when requesting a /64 on UDM, but it’s possible that there are workarounds ISP side. I will have to circle back shortly on the rest.

EDIT: correction about PD config on WAN

1 Like

This part stands out to me. Below I see that the class is wan_6. If the incorrect ip6class isn’t configured then the other interfaces probably won’t get a PD because they expect it to come from wan6 not wan_6 so they would be discarded, which could explain what you’re seeing.

Does it still by default provision that wan6? If so, could you try modifying it to wan_6, reboot, and see if the IPv6 behaviour changes at all? Curious to know either way. I’ll try to replicate this here too, at face value it appears to be a bug on the config side (but maybe I’m misreading something, or things have changed).

Pretty sure I’ve replicated this here. Different interface names, but same symptoms.

It appears that ip6class is not following the active WAN, but instead the most recently provisioned/saved WAN (which could be inactive). When the class is wrong it definitely breaks IPv6, when I toggle off IPv6 on the secondary WAN, the class corrects itself and IPv6 starts properly passing from WAN1 again.